THEFT – Testing for Hacking Embezzlement Fraud Thieves – Security Testing Tools List

October 11, 2016


Open Source and Free Web Application Testing Tools

Acunetix Security Scanner – http://www.acunetix.com/ Acunetix has two scanners: Web Vulnerability Scanner and Network Security Scanner. You can either download a 14-day trial or run a free Network Security Scan from the cloud.

Arachni http://www.arachni-scanner.com/ Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications. It is multi-platform, supporting all major operating systems (MS Windows, Mac OS X and Linux) and distributed via portable packages which allow for instant deployment.

BeEF (Browser Exploitation Framework) http://beefproject.com/ – It detects application weakness using browser vulnerabilities. It uses client-side attack vectors to verify security of an application. It can issue browser commands like redirection, changing URLs and generating dialogue boxes.

BURP Suite – https://portswigger.net/ Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

CURL – https://curl.haxx.se/ Curl is used in command lines or scripts to transfer data. It is also used in cars, television sets, routers, printers, audio equipment, mobile phones, tablets, set-top boxes and media players, and is the internet transfer backbone for thousands of software applications affecting billions of humans daily.

Fiddler – http://www.telerik.com/fiddler Use Fiddler for security testing your web applications — decrypt HTTPS traffic, and display and modify requests using a man-in-the-middle decryption technique. Configure Fiddler to decrypt all traffic, or only specific sessions (note there is a free version and a paid version).

Google Nogotofail – https://github.com/google/nogotofail It is a network traffic security testing tool. It checks applications for known TLS/SSL vulnerabilities and misconfigurations. It scans SSL/TLS encrypted connections and checks whether they are vulnerable to man-in-the-middle (MiTM) attacks. It can be set up as a router, VPN server or proxy server.

Grabber – http://rgaucher.info/beta/grabber/ https://github.com/neuroo/grabber Grabber is a nice web application scanner which can detect many security vulnerabilities in web applications. It performs scans and tells where the vulnerability exists. It can detect the following vulnerabilities: Cross site scripting – SQL injection – Ajax testing – File inclusion – JS source code analyzer – Backup file check.

Grendel-Scan – https://sourceforge.net/projects/grendel/ Grendel-Scan is an open-source web application security testing tool. It has an automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests.

Iron Wasp – https://ironwasp.org/ It is a powerful GUI-based scanning tool which can check for over 25 kinds of web vulnerabilities. It can detect false positives and false negatives. It is built on Python and Ruby and generates HTML and RTF reports.

LAPSE+ – https://www.owasp.org/index.php/OWASP_LAPSE_Project Lapse+ is a security scanner for detecting vulnerabilities of untrusted data injection in Java EE Applications. It has been developed as a plugin for Eclipse Java Development Environment, working specifically with Eclipse Helios and Java 1.6 or higher.

Mantra Security Framework – http://www.getmantra.com/ Mantra is a web application security testing framework built on top of a browser. It supports Windows, Linux (both 32- and 64-bit) and Macintosh. In addition, it can work with other software like ZAP using its built-in proxy management function, which makes it much more convenient. Mantra is available in 9 languages: Arabic, Chinese – Simplified, Chinese – Traditional, English, French, Portuguese, Russian, Spanish and Turkish.

Nikto – https://cirt.net/nikto2 Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, as well as version-specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files and HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated. For downloads and more information,

Pantera Web Assessment Studio Project – https://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project Pantera uses an improved version of SpikeProxy to provide a powerful web application analysis engine. The primary goal of Pantera is to combine automated capabilities with complete manual testing to get the best penetration testing results.

Python Web Penetration Cookbook – http://pdf.th7.cn/down/files/1508/Python%20Web%20Penetration%20Testing%20Cookbook.pdf https://www.python.org/ Has 60 crucial recipes for performing advanced penetration testing of web-based applications.

Ratproxy – http://code.google.com/p/ratproxy/ Ratproxy is also an open source web application security audit tool which can be used to find security vulnerabilities in web applications. It supports Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments. This tool is designed to overcome the problems users usually face while using other proxy tools for security audits. It is capable of distinguishing between CSS stylesheets and JavaScript code. It also supports SSL man-in-the-middle interception, which means you can also see data passing through SSL. You can read more about this tool here: http://code.google.com/p/ratproxy/wiki/RatproxyDoc

Sprajax – https://www.owasp.org/index.php/Category:OWASP_Sprajax_Project Sprajax is an open source black box scanner for AJAX-enabled applications.

SWF Intruder – https://www.owasp.org/index.php/Category:SWFIntruder SWFIntruder (pronounced Swiff Intruder) is the first tool specifically developed for analyzing and testing security of Flash applications at runtime.

SWF Scan – No longer available as open source; it was acquired by HP and there is no update on its status. Old versions can still be found if you search.

Vega – https://subgraph.com/vega/ Vega is a vulnerability scanning and testing tool written in Java. It works on OS X, Linux and Windows platforms. It is GUI enabled and includes an automated scanner and an intercepting proxy. It can detect web application vulnerabilities like SQL injection, header injection, cross site scripting etc. It can be extended through a JavaScript API.

WAP Web Application Protection – http://awap.sourceforge.net/ WAP is a tool to detect and correct input validation vulnerabilities in web applications written in PHP, and it predicts false positives. The tool combines source code static analysis and data mining to detect vulnerabilities and predict false positives. It then corrects the source code to remove the real vulnerabilities by inserting fixes (small functions) in the right places in the source code.

Watobo – http://watobo.sourceforge.net/index.html WATOBO is intended to enable security professionals to perform highly efficient (semi-automated) web application security audits. It performs vulnerability checks out of the box.

WAVSep – https://sourceforge.net/projects/wavsep/?source=directory WAVSep is a vulnerable web application designed to help assess the features, quality and accuracy of web application vulnerability scanners.

WebScarab NG – https://www.owasp.org/index.php/WebScarab_Getting_Started WebScarab is a framework for analyzing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is portable to many platforms. WebScarab has several modes of operation that are implemented by a number of plugins. There is a new Next Generation version with an easier UI, and session information is now written to a database instead of individual files.

Web Server Security Test – https://geekflare.com/online-scan-website-security-vulnerabilities/ Web Server Security Test will test your web server configuration, web application cookies, and HTTP headers for security and compliance with best practices, such as OWASP.

WebStretch – https://sourceforge.net/projects/webstretch/ Webstretch enables a user to view and alter all aspects of communications with a web site via a proxy. Primarily used for security-based penetration testing of web sites, it can also be used for debugging during development. Seen as part of a hacker toolkit.

WebTesting Environment – https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project OWASP WTE, or OWASP Web Testing Environment, is a collection of application security tools and documentation available in multiple formats such as VMs, Linux distribution packages, Cloud-based installations and ISO images.

ZED Attack Proxy (ZAP) – https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project ZAP was developed by OWASP and is available for Windows, Unix/Linux and Macintosh platforms. It is very easy to use. It can be used as a scanner or as an intercepting proxy to manually test a web page. Its key features are traditional and AJAX spiders, a fuzzer, WebSocket support and a REST-based API out of the box, and it has smart filter functions so you can find and navigate to the most interesting parts of the application easily.

SQL Injection Testing

Too many to list – Please use this link to find the latest ones uploaded and their ratings https://sourceforge.net/directory/os:windows/?q=blind%20sql%20injection%20tool

Absinthe – https://sourceforge.net/projects/absinthe/ Absinthe is an automated SQL injection utility capable of both blind and verbose SQL injections.

Blind SQL Injection Brute Forcer – This Perl script allows extraction of data from blind SQL injections. It accepts custom SQL queries as a command line parameter and it works for both integer- and string-based injections.

ExploitMyUnion – https://sourceforge.net/projects/exploitmyunion/?source=directory ExploitMyUnion is a tool written in Python with a PyQt user interface made to automate SQL injection exploitation.

ICFsqLi Crawler – https://sourceforge.net/projects/icf-sqli/?source=directory This tool helps you scan for SQL injection vulnerabilities on thousands of websites by just giving it the IP address of the server.

Mole – https://sourceforge.net/projects/themole/?source=directory Mole is an automatic SQL injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site, it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. The Mole uses a command based interface, allowing the user to indicate the action he wants to perform easily.

Pangolin – http://pangolin-free.soft32.com/ Pangolin is an automatic SQL injection penetration testing tool developed by NOSEC. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve the DBMS session user and database, enumerate users, password hashes, privileges and databases, dump entire or user-specified DBMS tables/columns, run his own SQL statements, read specific files on the file system, and more.

Safe3 – https://sourceforge.net/projects/safe3wvs/?source=directory Safe3WVS is one of the most powerful web vulnerability scanners, with AI on-the-fly web spider crawling technology aimed especially at web portals; it is a very fast tool for digging out vulnerabilities such as SQL injection and file upload flaws.

SQL Brute Force Tools – http://www.ush.it/team/ascii/hack-sqlbftools-1.2/mysql_bftools/readme.txt Adaptive http-sql bruteforce tool version 2 for MySQL injection bruteforcing.

SQLiX – https://www.owasp.org/index.php/Category:OWASP_SQLiX_Project SQLiX, coded in Perl, is a SQL injection scanner able to crawl, detect SQL injection vectors, identify the back-end database and grab function call/UDF results (even execute system commands for MS-SQL). The concepts in use are different from the ones used in other SQL injection scanners. SQLiX is able to find normal and blind SQL injection vectors and doesn’t need to reverse engineer the original SQL request (using only function calls). The project is currently being ported from Perl to Python.

SQLMap – https://sourceforge.net/projects/sqlmap/?source=directory It detects SQL injection vulnerabilities in a website's database. It can be used against a wide range of databases and supports 6 kinds of SQL injection techniques: time-based blind, boolean-based blind, error-based, UNION query, stacked queries and out-of-band. It can also connect directly to the database without using an SQL injection, and has great database fingerprinting and enumeration features.

SQLNinja – http://sqlninja.sourceforge.net/ SQLNinja is a tool targeted at exploiting SQL injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide remote access to the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB server when a SQL injection vulnerability has been discovered.

SQL Power Injector – https://sourceforge.net/projects/spinj/?source=directory SQL Power Injector is an application created in .Net 1.1 that helps the penetration tester to find and exploit SQL injections on a web page. For now, it is SQL Server, Oracle, MySQL, Sybase/Adaptive Server and DB2 compliant, but it is possible to use it with any existing DBMS when using the inline injection (Normal mode).

SQLSentinel – https://sourceforge.net/projects/sqlsentinel/?source=directory SQLSentinel is an open source tool that automates the process of finding SQL injection on a website. SQLSentinel includes a web spider and a SQL error finder. You give it a site as input, and SQLSentinel crawls it and tries to exploit parameter validation errors for you. When the job is finished, it can generate a PDF report which contains the vulnerable URLs found and the URLs crawled.

Tyrant SQL – https://sourceforge.net/projects/tyrantsql/?source=directory It’s a powerful SQL injection tool. It’s a GUI version of SqlMap, saving time and getting better results. It was designed based on Havij.

SSL Testing Tools

Comodo SSL Analyzer – https://sslanalyzer.comodoca.com/ Scans your https URL and gives you quick reports on various parameters including: Serial Number, Fingerprint, SSL Cert Validity, Cert Issuer, Supported Protocol (TLS/SSL), Downgrade Protection, Secure Renegotiation (Server/Client-initiated), Compression, Session Tickets, Enabled Cipher Suites.

Digicert SSL Certificate Checker – Verifies your DNS resolves – SSL Certificate – Standing of Certificate – Expiration of Certificate – and that Certificate Names match the domain name.

Foundstone SSL Digger – http://www.mcafee.com/us/downloads/free-tools/ssldigger.aspx SSLDigger v1.02 is a tool to assess the strength of SSL servers by testing the ciphers supported. Some of these ciphers are known to be insecure.

Free SSL Server Test – https://www.htbridge.com/ssl/ Tests the SSL/TLS implementation of any service on any port for compliance with industry best practices, NIST guidelines and PCI DSS requirements.

O-Saft – https://www.owasp.org/index.php/O-Saft OWASP SSL advanced forensic tool / OWASP SSL audit for testers. O-Saft is an easy to use tool to show information about an SSL certificate and test the SSL connection against a given list of ciphers and various SSL configurations. It’s designed to be used by penetration testers, security auditors or server administrators. The idea is to show the important information or the special checks with a simple call of the tool. However, it provides a wide range of options so that it can be used for comprehensive and special checks by experienced people.

QUALYS SSL Labs – https://www.ssllabs.com/ This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet. It is pretty awesome to run against your servers and see their results.

SSLScan – https://launchpad.net/ubuntu/xenial/+package/sslscan SSLScan queries SSL services, such as HTTPS, in order to determine the ciphers that are supported. SSLScan is designed to be easy, lean and fast. The output includes the preferred ciphers of the SSL service and the certificate, and is available in text and XML formats.

SSLScan Windows – https://github.com/rbsec/sslscan/releases SSLScan tests SSL/TLS enabled services to discover supported cipher suites.

SSL Shopper – https://www.sslshopper.com/ Checks DNS – Server Type – Certificate trusted by all major browsers – Certificate Issuer – Certificate Expiration – Verifies the hostname is correctly listed on the certificate.

sslyze – https://github.com/iSECPartners/sslyze Fast and full-featured SSL scanner.

Symantec SSL Toolbox – https://cryptoreport.websecurity.symantec.com/checker/ Includes "Check your CSR" – it’s essential to check your CSR before sending a signing request. This gives you confirmation that your CSR contains the expected parameters like CN, DN, O, OU, Algorithm, etc. "Check certificate installation" – after installation of the signed certificate, it’s always good to verify that your certificate is valid with the required information. This online check covers CN, SAN, Organization, OU, City, Serial number, Algorithm type, Key size and certificate chain details.

Test Client SSL – https://www.howsmyssl.com/ How’s my SSL? – This free online service performs a scan against your client's SSL; it chooses topics important to today’s security environment and analyzes clients in that context. It will never be a complete audit, but it can hit the high notes. It checks and rates: Version – Ephemeral Key Support – Session Ticket Support – TLS Compression – BEAST Vulnerability – Insecure Cipher Suites – Unknown Cipher Suites – Given Cipher Suites.

TestSSLServer – http://www.bolet.org/TestSSLServer/ TestSSLServer is a command-line tool which contacts a SSL/TLS server and obtains some information on its configuration. It aims at providing (part of) the functionality of Internet-based tools like Qualys SSL Server Test, but without the requirement of the server being Internet-reachable. You can use TestSSLServer on your internal network, to test your servers while they are not (yet) accessible from the outside.

Wormly Web Server Tester – https://www.wormly.com/test_ssl This free online service runs 67 tests and provides a very good overview of your secure URL. This covers a certificate overview (CN, expiry details, trust chain), encryption cipher details, public key size, secure renegotiation, and protocols like SSLv3/v2 and TLSv1/1.2.

Fuzzer Testing Tools

PeachFuzzer – http://www.peachfuzzer.com/products/ The Peach Fuzzer Platform, paired with their industry-focused Peach Pits, can test virtually any system for unknown vulnerabilities, from common test targets to complex proprietary systems. The fuzzing platform gives users the tools to secure their products by eliminating potential security threats before deployment and release.

SkipFish – https://code.google.com/archive/p/skipfish/ Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks.

Spike – http://ihazomgsecurityskillz.blogspot.com/2011/03/installing-and-tweaking-spike-and.html A fuzzer framework that can be used to explore vulnerabilities and perform length testing.

W3af – http://w3af.org/ It is a web application audit and attack framework that is effective against over 200 vulnerabilities. It has a GUI with expert tools which can be used to send HTTP requests and cluster HTTP responses. If a website is protected, it can use authentication modules to scan it. Output can be logged to a console, a file or sent via email.

WAPITI – http://wapiti.sourceforge.net/ Wapiti is also a nice web vulnerability scanner which lets you audit the security of your web applications. It performs black-box testing by scanning web pages and injecting data. It tries to inject payloads and see if a script is vulnerable. It supports both GET and POST HTTP attacks and detects multiple vulnerabilities. It can detect the following vulnerabilities: File Disclosure – File inclusion – Cross Site Scripting (XSS) – Command execution detection – CRLF Injection – SQL Injection and XPath Injection – Weak .htaccess configuration – Backup files disclosure.

WFuzz – https://github.com/xmendez/wfuzz Wfuzz is another freely available open source tool for web application penetration testing. It can be used to brute force GET and POST parameters for testing against various kinds of injections like SQL, XSS, LDAP and many others. It also supports cookie fuzzing, multi-threading, SOCK, proxy, authentication, parameter brute forcing, multiple proxies and many other things. You can read more about the features of the tool here: http://code.google.com/p/wfuzz/

WSFuzzer – https://sourceforge.net/projects/wsfuzzer/ WSFuzzer is an LGPL’d program, written in Python, that currently targets Web Services. In the current version HTTP-based SOAP services are the main target. This tool was created based on, and to automate, some real-world manual SOAP pen testing work.

Brute Force Password Testing

THC Hydra – https://github.com/vanhauser-thc/thc-hydra A very fast network logon cracker which supports many different services. See the feature sets and services coverage page, including a speed comparison against ncrack and medusa.

Brutus – http://technosnoop.com/2016/03/download-password-cracker-brutus/ Brutus is one of the fastest, most flexible remote password crackers you can get your hands on – it’s also free. It is available for Windows 9x, NT and 2000; there is no UN*X version available, although it is a possibility at some point in the future. No updates since 2002.

fgdump – https://www.aldeid.com/wiki/FGDump A tool for mass password auditing of Windows systems. Not updated since 2008.

HashCat – https://hashcat.net/hashcat/ Advanced password recovery – Multi-Hash – Multi-OS – Multi-Algo – All attack modes – SSE2 and XOP accelerated – Very fast rules engine.

John the Ripper – http://www.openwall.com/john/ John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.

Medusa – http://www.darknet.org.uk/2006/05/medusa-password-cracker-version-11-now-available-for-download/ Medusa is intended to be a speedy, massively parallel, modular login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers the following items to be some of the key features of this application: Thread-based parallel testing – brute-force testing can be performed against multiple hosts, users or passwords concurrently. Flexible user input – target information (host/user/password) can be specified in a variety of ways; for example, each item can be either a single entry or a file containing multiple entries, and a combination file format allows the user to refine their target listing. Modular design – each service module exists as an independent .mod file, so no modifications are necessary to the core application in order to extend the list of services supported for brute-forcing.

Ncat – https://nmap.org/ncat/ Ncat is a feature-packed networking utility which reads and writes data across networks from the command line. Ncat was written for the Nmap Project as a much-improved reimplementation of the venerable Netcat. It uses both TCP and UDP for communication and is designed to be a reliable back-end tool to instantly provide network connectivity to other applications and users. Ncat not only works with IPv4 and IPv6, but provides the user with a virtually limitless number of potential uses.

Password Dictionary – https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm CrackStation’s main password cracking dictionary (1,493,677,782 words, 15GB). It also contains every word in the Wikipedia databases (pages-articles, retrieved 2010, all languages) as well as lots of books from Project Gutenberg. It also includes the passwords from some low-profile database breaches that were being sold in the underground years ago.

Online Specific Web Server Vulnerabilities

Check for POODLE vulnerability – https://www.tinfoilsecurity.com/poodle https://pentest-tools.com/network-vulnerability-scanning/ssl-poodle-scanner

Check for FREAK vulnerability – https://tools.keycdn.com/freak

Check for LogJam vulnerability – https://weakdh.org/sysadmin.html

Check for SHA-1 vulnerability – https://shaaaaaaaaaaaaa.com

Bishop Fox Tools Project – https://www.bishopfox.com/resources/tools/

Firecat – https://www.bishopfox.com/resources/tools/other-free-tools/firecat/ Firecat is a penetration testing tool that allows you to punch reverse TCP tunnels out of a compromised network. After a tunnel is established, you can connect from an external host to any port on any system inside the compromised network, even if the network is behind a NAT gateway and/or strict firewall. This can be useful for a number of purposes, including gaining Remote Desktop access to the internal NAT’d IP address (e.g. 192.168.1.10) of a compromised web server.

Google Hacking Diggity – https://www.bishopfox.com/resources/tools/google-hacking-diggity/ The Google Hacking Diggity Project is a research and development initiative dedicated to investigating Google Hacking, i.e. the latest techniques that leverage search engines, such as Google, Bing, and Shodan, to quickly identify vulnerable systems and sensitive data in corporate networks.

MD5 and MD4 Collision Generators – https://www.bishopfox.com/resources/tools/other-free-tools/md4md5-collision-code/ Create MD4 and MD5 hash collisions using groundbreaking new code that improves upon the techniques originally developed by Xiaoyun Wang. Using a 1.6 GHz Pentium 4, MD5 collisions can be generated in an average of 45 minutes, and MD4 collisions can be generated in an average of 5 seconds.

Sharepoint Hacking Diggity – https://www.bishopfox.com/resources/tools/sharepoint-hacking-diggity/ The SharePoint Hacking Diggity Project is a research and development initiative dedicated to investigating the latest tools and techniques in hacking Microsoft SharePoint technologies. This project page contains downloads and links to our latest SharePoint Hacking research and free security tools. Assessment strategies are designed to help SharePoint administrators and security professionals identify common insecure configurations and exposures introduced by vulnerable SharePoint deployments.

Wi-Fi Hacking Tools List created by Eric Geier from Network World

Stumbling and Sniffing

You can use Wi-Fi stumblers to detect nearby access points and their details, like the signal level, security type and media access control (MAC) address. You might find access points set with weak Wired Equivalent Privacy (WEP) security, which can be easily cracked, or possibly rogue access points set up by employees or others that could be opening your network up to attack. If there are access points set with a hidden or non-broadcast SSID (network name), Wi-Fi stumblers can quickly reveal it.

You can use wireless sniffers to capture raw network packets sent over the air. You could import the captured traffic into other tools, for example to crack encryption. Or if you’re connected to the network (or if it’s not encrypted), you could manually look for email and website passwords sent in clear text.

Here are a few Wi-Fi stumblers and sniffers:

Vistumbler is an open source Windows application that displays the basic access point details, including the exact authentication and encryption methods, and can even speak the SSID and RSSI. It also displays graphs of signal levels. It’s highly customizable and offers flexible configuration options. It supports access point names to help distinguish them, also helping to detect rogue access points. It also supports GPS logging and live tracking within the application using Google Earth.

Kismet is an open source Wi-Fi stumbler, packet sniffer, and intrusion-detection system that can run on Windows, Mac OS X, Linux, and BSD. It shows the access point details, including the SSID of “hidden” networks. It can also capture the raw wireless packets, which you can then import into Wireshark, TCPdump, and other tools. In Windows, Kismet only works with CACE AirPcap wireless adapters due to the limitation of Windows drivers. It does, however, support a variety of wireless adapters in Mac OS X and Linux.

Wifi Analyzer is a free Android app you can use for finding access points on your Android-based smartphone or tablet. It lists the basic details for access points on the 2.4-GHz band, and on supported devices on the 5-GHz band as well. You can export the access point list (in XML format) by sending it to email or another app, or take a snapshot of the screens. It also features graphs showing signals by channel, history, and usage rating, and also has a signal meter feature to help find access points.

WEP Key and WPA/WPA2-Personal Cracking

There are many tools out there that can crack Wi-Fi encryption, either taking advantage of WEP weaknesses or using brute-force dictionary-based attacks on WPA/WPA2-Personal (PSK). Thus you should never use WEP security.

WPA2 security with AES/CCMP encryption is the most secure. And if you use the Personal or Pre-shared key (PSK) mode, use a long 13+ character passphrase with mixed-case letters, numbers, and special characters — any ASCII characters will do.

You can use these tools to understand the Wi-Fi encryption weaknesses or to test your current passwords:

Aircrack-ng is an open source suite of tools to perform WEP and WPA/WPA2-Personal key cracking, which runs on Windows, Mac OS X, Linux, and OpenBSD. It’s also downloadable as a VMware image and Live CD. You can capture data packets, inject and replay traffic, and reveal the encryption keys once enough packets have been captured.

CloudCracker is a commercial online password cracking service, starting at $17 for 20 minutes. In addition to WPA/WPA2 PSKs, it can also be used to attempt cracking of password hashes and password-protected documents. They use huge dictionaries of 300 million words to perform the cracking and have the computing power to do it quickly. You simply upload the handshake file for WPA/WPA2, or the PWDUMP file for the hashes or documents.

WPA/WPA2-Enterprise Cracking

Though the Enterprise mode of WPA/WPA2 security with 802.1X authentication is more secure than the Personal (PSK) mode, it still has vulnerabilities. Here’s a tool to help you better understand these attacks, how you can protect your network, and test your security:

FreeRadius-WPE is a patch for the open source FreeRADIUS server designed to perform man-in-the-middle attacks against users of wireless networks using 802.1X authentication. It modifies the server to accept all network-attached storage devices and EAP types and logs the username and challenge/response from the unsuspecting users that connect to the fake wireless network. Then the challenge/response can be inputted into another Linux program, asleap, to crack the encrypted password.

WPS PIN Cracking

If you have a wireless router instead of or in addition to access points, you should be aware of a vulnerability publicly discovered in December. It involves the Wi-Fi Protected Setup (WPS) feature found on most wireless routers and usually activated by default when using WPA/WPA2-Personal (PSK) security. The WPS PIN, which can be used to connect to the wireless router, can be easily cracked within hours.

Here’s one tool you can use to test your wireless routers against the WPS PIN weakness:

Reaver is a Linux program that performs brute-force attacks against wireless routers to reveal their WPS PIN, and from it the WPA/WPA2 PSK, within four to 10 hours. Its developers also offer an easy-to-use hardware solution, Reaver Pro, with a graphical web interface.

Evil Twin APs and Wi-Fi Honey Pots

One technique Wi-Fi hackers can use to get unsuspecting people to connect to them is by setting up a fake access point, aka an evil twin access point or wireless honey pot. Once someone connects to the access point the hacker can then, for example, capture any email or FTP connections or possibly access the user’s file shares. They could also use a captive portal or spoofed DNS caching to display a fake website mirroring a hotspot or website login page in order to capture the user’s login credentials.

Here are tools to find vulnerable wireless clients on your network:

WiFish Finder is an open source Linux program that passively captures wireless traffic and performs active probing to help identify wireless clients vulnerable to attacks, like evil twin access points, honey pots, or man-in-the-middle attacks.

It builds a list of network names that wireless clients are sending probe requests for and detects the security type of each desired network. Thus you can identify clients probing for unencrypted networks, which are easily susceptible to evil twin or honey pot attacks, and those probing for a WPA/WPA2-Enterprise network, which could be susceptible to man-in-the-middle attacks.
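The triage WiFish Finder performs is easy to reproduce on your own capture data. The following is an added example, not WiFish Finder's code and not from the original article: it reads probe requests from a constructed log (the line format and MAC addresses are made up for the example), looks up the security type of each probed network in a table of beacons you have already observed, and flags the clients a rogue access point could trick. The classification rule is the one the paragraph above describes, plus one extra case: an SSID nobody on your site beacons is treated as the highest risk, because a rogue AP can simply beacon that name as an open network.

```python
import re
from collections import defaultdict

# Constructed sample data (not real captures): the security type of each network
# whose beacons we have seen, and a few probe-request log lines in a made-up format.
BEACONS = {
    "CorpNet": "WPA2-Enterprise",
    "CorpGuest": "WPA2-PSK",
    "CoffeeShop_Free": "OPEN",
}
PROBE_LOG = """\
2016-10-11 09:00:01 probe-req src=aa:bb:cc:00:00:01 ssid="CorpNet"
2016-10-11 09:00:02 probe-req src=aa:bb:cc:00:00:01 ssid="CoffeeShop_Free"
2016-10-11 09:00:03 probe-req src=aa:bb:cc:00:00:02 ssid="CorpGuest"
2016-10-11 09:00:04 probe-req src=aa:bb:cc:00:00:03 ssid="HomeRouter-7F"
2016-10-11 09:00:05 probe-req src=aa:bb:cc:00:00:03 ssid=""
"""
PROBE_RE = re.compile(
    r'probe-req src=(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) ssid="(?P<ssid>[^"]*)"'
)


def parse_probes(log: str) -> dict:
    """Map each client MAC to the set of network names it probed for.
    Broadcast probes (empty SSID) reveal no preferred network and are skipped."""
    probes = defaultdict(set)
    for line in log.splitlines():
        m = PROBE_RE.search(line)
        if m and m.group("ssid"):
            probes[m.group("mac")].add(m.group("ssid"))
    return dict(probes)


def risk_for(ssid: str, beacons: dict) -> str:
    """Risk a rogue AP poses to a client that wants this network, judged from the
    security type we observed for it. An SSID we never saw is the worst case."""
    sec = beacons.get(ssid)
    if sec is None:
        return "unknown-network"   # anyone can beacon this name as an open network
    if sec == "OPEN":
        return "evil-twin"         # open network: trivially impersonated
    if sec.endswith("Enterprise"):
        return "mitm"              # 802.1X: exposed if the client skips cert validation
    return "low"                   # PSK: impostor must already know the passphrase


def classify_clients(probes: dict, beacons: dict) -> dict:
    """Map each client MAC to its (ssid, risk) findings, dropping low-risk probes."""
    report = {}
    for mac, ssids in probes.items():
        findings = [(s, risk_for(s, beacons)) for s in sorted(ssids)]
        report[mac] = [f for f in findings if f[1] != "low"]
    return report


def at_risk_clients(log: str, beacons: dict) -> list:
    """Sorted list of client MACs with at least one finding worth following up."""
    report = classify_clients(parse_probes(log), beacons)
    return sorted(mac for mac, findings in report.items() if findings)


if __name__ == "__main__":
    for mac, findings in classify_clients(parse_probes(PROBE_LOG), BEACONS).items():
        print(mac, findings or "ok")
```

In practice you would feed it the probe requests from a monitor-mode capture and your own site survey as the beacon table; the remediation for every finding is the same, remove stale open networks from the client's saved list and, for Enterprise networks, enforce server certificate validation in the supplicant profile.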

Jasager (based on KARMA) is Linux-based firmware offering a set of Linux tools to identify vulnerable wireless clients, like WiFish Finder, but it can also perform evil twin or honey pot attacks. It runs on FON or WiFi Pineapple routers. It can create a soft access point whose SSIDs match whatever nearby wireless adapters are probing for and run a DHCP, DNS, and HTTP server so clients can connect. The HTTP server can then redirect all requests to a web site. It can also capture and display any clear-text POP, FTP, or HTTP login performed by the victim. Jasager features a web-based and a command-line interface.

Fake AP runs on Linux and BSD and generates thousands of simulated access points by transmitting SSID beacon frames. It could be used by attackers to confuse IT staff or intrusion-detection systems, or even used by you to confuse the attacks of wardrivers.

Wireless Driver Vulnerabilities

Here’s a tool to help find weaknesses with certain device drivers of wireless adapters that could make attacks on your network easier:

WiFiDEnum (WiFi Driver Enumerator) is a Windows program that helps identify vulnerable wireless network drivers that are at risk of wireless driver exploit attacks. It scans the wired or wireless network for Windows workstations, collects details about their wireless network adapter drivers, and identifies possible vulnerabilities.

General Network Attacks

Here are a few tools to demonstrate eavesdropping and attacks that we’ve seen on wired networks for years, which also can work via Wi-Fi:

Nmap (as in Network Mapper) is an open source TCP/IP scanner you can use to identify hosts and clients on the network, available on Linux, Windows, and Mac OS X with a GUI or a command-line interface. It reports what operating system they are using, the services they are using or offering, what type of packet filters or firewalls they are behind, and many other characteristics. This can help you find insecure hosts and ports that may be susceptible to hacking.

Cain and Abel is a password recovery, cracker, and sniffer tool for Windows. Use it to demonstrate, for example, the ability to sniff clear-text passwords sent over the network.

Firesheep is a Firefox add-on that performs HTTP session hijacking, aka sidejacking. It monitors the network for logins from users on sites that exchange the login cookie without using full SSL encryption. Once a cookie is detected, it lists a shortcut to the protected website that an attacker can visit without having to log in.
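The weakness Firesheep relies on is visible in the response headers of the site itself, so it can be checked without any sniffing. Here is an added example (not the article's code and not part of Firesheep) that audits the Set-Cookie and Strict-Transport-Security headers of an HTTP response for the two properties that make a session cookie sidejackable: a session cookie without the Secure flag, which the browser will also send over plain HTTP, and the absence of HSTS, which lets the first request go out unencrypted. The two sample responses and the list of session-cookie name hints are constructed for the example.

```python
# Constructed sample responses (not from any real site). The first is the weak case
# Firesheep exploits: the login cookie has no Secure flag, so the browser will send it
# over plain HTTP as well. The second is the hardened form.
WEAK_RESPONSE = """\
HTTP/1.1 200 OK
Set-Cookie: sessionid=abc123; Path=/
Set-Cookie: theme=dark; Path=/
Content-Type: text/html
"""
HARDENED_RESPONSE = """\
HTTP/1.1 200 OK
Set-Cookie: sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax
Set-Cookie: theme=dark; Path=/
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/html
"""

# Substrings that usually mark an authenticated-session cookie (constructed heuristic).
SESSION_NAME_HINTS = ("sess", "auth", "token", "login", "sid")


def parse_headers(raw: str) -> list:
    """Return (name, value) pairs for every header line after the status line."""
    headers = []
    for line in raw.splitlines()[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return headers


def parse_set_cookie(value: str) -> dict:
    """Split a Set-Cookie value into the cookie name and the set of attribute names."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return {"name": name, "attrs": attrs}


def audit_response(raw: str) -> list:
    """List the sidejacking-relevant findings for one HTTP response."""
    headers = parse_headers(raw)
    findings = []
    has_hsts = any(n == "strict-transport-security" for n, _ in headers)
    for n, v in headers:
        if n != "set-cookie":
            continue
        cookie = parse_set_cookie(v)
        if not any(h in cookie["name"].lower() for h in SESSION_NAME_HINTS):
            continue  # a preference cookie such as "theme" needs no protection
        if "secure" not in cookie["attrs"]:
            findings.append(f"{cookie['name']}: missing Secure flag (also sent over plain HTTP)")
        if "httponly" not in cookie["attrs"]:
            findings.append(f"{cookie['name']}: missing HttpOnly flag (readable by script)")
    if not has_hsts:
        findings.append("no Strict-Transport-Security header (first request may go over HTTP)")
    return findings


if __name__ == "__main__":
    print("weak:", audit_response(WEAK_RESPONSE))
    print("hardened:", audit_response(HARDENED_RESPONSE))
```

Point the audit at the headers you get back from your own login page, over both http:// and https://, and fix any finding on the server: mark session cookies Secure and HttpOnly and enable HSTS so the browser never sends them in the clear.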

Pen Testing Linux Distributions

If you’re serious about penetration testing, consider using a Linux distribution dedicated to it. One of the most popular is BackTrack, which offers more than 320 preinstalled penetration testing tools you can use for playing around with networks, web servers and more. You can install BackTrack to a hard drive or boot it from a Live DVD or USB flash drive.

There will be more added weekly. If you are conducting business on the internet your first priority should be creating a security plan and I recommend using CYBRARY which provides FREE ONLINE TRAINING AND CERTIFICATIONS for CyberSecurity. They have learning paths and include courses for Risk Assessment – CISSP – government regulations – penetration testing and so much more. They also have a new Beta program where you can create a TEAM and assign your team members courses to take and complete. They also have courses for everyone at a company that will introduce them to security issues and how to be compliant with policies.

10 Comments
  2. About BackTrack, I think it is old and its tools need updating. Kali Linux 2 is better. And thank you for sharing.

  3. thanks a lot for sharing 🙂

  4. Awesome job!

    Thanks
